Lucene search
K

61 matches found

NVD
NVD
added 2024/12/27 5:15 a.m.18 views

CVE-2024-56521

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...

9.8CVSS0.00748EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/27 12:0 a.m.13 views

CVE-2024-56521

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...

9.5AI score0.00748EPSS
Exploits0References3
OSV
OSV
added 2024/12/27 12:0 a.m.13 views

CVE-2024-56519

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...

7.5CVSS6.7AI score0.00624EPSS
Exploits0References6
OSV
OSV
added 2024/12/27 12:0 a.m.10 views

CVE-2024-56520

An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed...

7.3CVSS6.7AI score0.0055EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/12/27 12:0 a.m.4 views

PT-2024-36831 · Tcpdf +1 · Tcpdf +1

Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.8.0 Description: An issue was discovered in the unserializeTCPDFtag function, which uses loose comparison != and does not utilize a constant-time function to compare TCPDF tag hashes. This could potentially lead to...

7.5CVSS6.8AI score0.01325EPSS
Exploits3References35
CVE
CVE
added 2024/12/27 12:0 a.m.86 views

CVE-2024-56519

TCPDF vulnerability CVE-2024-56519: setSVGStyles does not sanitize the SVG font-family attribute, enabling potential impact per CVSS 3.1/7.5 (HIGH) with network attack vector and no user interaction. Affected library: TCPDF prior to 6.8.0. Mitigation: upgrade to 6.8.0 or later when available. Deb...

7.5CVSS7AI score0.00624EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/12/27 12:0 a.m.30 views

CVE-2024-56521

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...

0.00748EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/27 12:0 a.m.19 views

CVE-2024-56522

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...

0.00615EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/12/27 12:0 a.m.14 views

CVE-2024-56522

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...

7.5AI score0.00615EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/12/27 12:0 a.m.4 views

TCPDF 安全漏洞

TCPDF is an open source library from Tecnick. It is used to generate PDF documents and barcodes. TCPDF version before 6.8.0 has a security vulnerability , the vulnerability stems from unserializeTCPDFtag use "! =" and does not use the constant-time function to compare TCPDF tag hashes...

7.5CVSS6.5AI score0.00615EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/12/27 12:0 a.m.30 views

CVE-2024-56527

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...

0.00752EPSS
Exploits1References4
OSV
OSV
added 2024/12/27 12:0 a.m.16 views

CVE-2024-56527

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...

7.5CVSS6.7AI score0.00752EPSS
Exploits1References7
CVE
CVE
added 2024/12/27 12:0 a.m.89 views

CVE-2024-56522

TCPDF vulnerability CVE-2024-56522 affects TCPDF before 6.8.0, where unserializeTCPDFtag uses loose comparison ( != ) and does not use a constant-time function to compare tag hashes. The issue is reported with CVSS v3.1: High (7.5) risk, network attack vector, no privileges required, no user inte...

7.5CVSS6.9AI score0.00615EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2024/12/27 12:0 a.m.15 views

CVE-2024-56522

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...

7.5CVSS5.2AI score0.00615EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/12/27 12:0 a.m.19 views

CVE-2024-56519

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...

7.5CVSS5.2AI score0.00624EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/12/27 12:0 a.m.4 views

PT-2024-36832 · Tcpdf +1 · Tcpdf +1

Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.8.0 Description: An issue was discovered in the Error function, which lacks an htmlspecialchars call for the error message. This could potentially lead to issues with error message handling. Recommendations: For...

7.5CVSS6.8AI score0.01325EPSS
Exploits3References35
OSV
OSV
added 2024/12/27 12:0 a.m.12 views

CVE-2024-56521

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...

9.8CVSS6.7AI score0.00748EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/12/27 12:0 a.m.15 views

CVE-2024-56527

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...

7.5CVSS5.2AI score0.00752EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/12/27 12:0 a.m.13 views

PT-2024-36830 · Tcpdf +2 · Tcpdf +2

Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.8.0 Description: An issue was discovered in TCPDF. If libcurl is used, CURLOPT SSL VERIFYHOST and CURLOPT SSL VERIFYPEER are set unsafely. Recommendations: For versions prior to 6.8.0, update to version 6.8.0 or late...

9.8CVSS6.8AI score0.00748EPSS
Exploits0References24
OSV
OSV
added 2024/11/26 6:15 p.m.2 views

UBUNTU-CVE-2024-51058

Local File Inclusion LFI vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information...

6.2CVSS5.9AI score0.00816EPSS
Exploits0References3
Rows per page
Query Builder